8 matches found
CVE-2025-53572
CVE-2025-53572: Deserialization of untrusted data in the WordPress plugin WP Easy Contact (emarket-design) allows PHP object injection in version <= 4.0.1. Affected: WP Easy Contact
WordPress WP Easy Contact plugin cross-site scripting vulnerability
WordPress WP Easy Contact plugin is mainly used for website message function management, support users to submit messages and send them to the administrator's mailbox. WordPress WP Easy Contact plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filterin...
WordPress WP Easy Contact plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WP Easy Contact plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...
CVE-2025-5539
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emdmbmeta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2025-5539
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emdmbmeta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2025-5539 Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emdmbmeta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attribute...
WordPress plugin WP Easy Contact 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WP Easy Contact plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...
Easy Contact 0.1.2 WordPress Plugin Cross Site Scripting
Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities in plugin Easy Contact for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Easy Contact 0.1.2 and previous versions...